~ [ source navigation ] ~ [ diff markup ] ~ [ identifier search ] ~

TOMOYO Linux Cross Reference
Linux/net/sched/act_skbmod.c

Version: ~ [ linux-6.11.5 ] ~ [ linux-6.10.14 ] ~ [ linux-6.9.12 ] ~ [ linux-6.8.12 ] ~ [ linux-6.7.12 ] ~ [ linux-6.6.58 ] ~ [ linux-6.5.13 ] ~ [ linux-6.4.16 ] ~ [ linux-6.3.13 ] ~ [ linux-6.2.16 ] ~ [ linux-6.1.114 ] ~ [ linux-6.0.19 ] ~ [ linux-5.19.17 ] ~ [ linux-5.18.19 ] ~ [ linux-5.17.15 ] ~ [ linux-5.16.20 ] ~ [ linux-5.15.169 ] ~ [ linux-5.14.21 ] ~ [ linux-5.13.19 ] ~ [ linux-5.12.19 ] ~ [ linux-5.11.22 ] ~ [ linux-5.10.228 ] ~ [ linux-5.9.16 ] ~ [ linux-5.8.18 ] ~ [ linux-5.7.19 ] ~ [ linux-5.6.19 ] ~ [ linux-5.5.19 ] ~ [ linux-5.4.284 ] ~ [ linux-5.3.18 ] ~ [ linux-5.2.21 ] ~ [ linux-5.1.21 ] ~ [ linux-5.0.21 ] ~ [ linux-4.20.17 ] ~ [ linux-4.19.322 ] ~ [ linux-4.18.20 ] ~ [ linux-4.17.19 ] ~ [ linux-4.16.18 ] ~ [ linux-4.15.18 ] ~ [ linux-4.14.336 ] ~ [ linux-4.13.16 ] ~ [ linux-4.12.14 ] ~ [ linux-4.11.12 ] ~ [ linux-4.10.17 ] ~ [ linux-4.9.337 ] ~ [ linux-4.4.302 ] ~ [ linux-3.10.108 ] ~ [ linux-2.6.32.71 ] ~ [ linux-2.6.0 ] ~ [ linux-2.4.37.11 ] ~ [ unix-v6-master ] ~ [ ccs-tools-1.8.9 ] ~ [ policy-sample ] ~
Architecture: ~ [ i386 ] ~ [ alpha ] ~ [ m68k ] ~ [ mips ] ~ [ ppc ] ~ [ sparc ] ~ [ sparc64 ] ~

  1 // SPDX-License-Identifier: GPL-2.0-or-later
  2 /*
  3  * net/sched/act_skbmod.c  skb data modifier
  4  *
  5  * Copyright (c) 2016 Jamal Hadi Salim <jhs@mojatatu.com>
  6 */
  7 
  8 #include <linux/module.h>
  9 #include <linux/if_arp.h>
 10 #include <linux/init.h>
 11 #include <linux/kernel.h>
 12 #include <linux/skbuff.h>
 13 #include <linux/rtnetlink.h>
 14 #include <net/inet_ecn.h>
 15 #include <net/netlink.h>
 16 #include <net/pkt_sched.h>
 17 #include <net/pkt_cls.h>
 18 #include <net/tc_wrapper.h>
 19 
 20 #include <linux/tc_act/tc_skbmod.h>
 21 #include <net/tc_act/tc_skbmod.h>
 22 
 23 static struct tc_action_ops act_skbmod_ops;
 24 
 25 TC_INDIRECT_SCOPE int tcf_skbmod_act(struct sk_buff *skb,
 26                                      const struct tc_action *a,
 27                                      struct tcf_result *res)
 28 {
 29         struct tcf_skbmod *d = to_skbmod(a);
 30         int action, max_edit_len, err;
 31         struct tcf_skbmod_params *p;
 32         u64 flags;
 33 
 34         tcf_lastuse_update(&d->tcf_tm);
 35         bstats_update(this_cpu_ptr(d->common.cpu_bstats), skb);
 36 
 37         action = READ_ONCE(d->tcf_action);
 38         if (unlikely(action == TC_ACT_SHOT))
 39                 goto drop;
 40 
 41         max_edit_len = skb_mac_header_len(skb);
 42         p = rcu_dereference_bh(d->skbmod_p);
 43         flags = p->flags;
 44 
 45         /* tcf_skbmod_init() guarantees "flags" to be one of the following:
 46          *      1. a combination of SKBMOD_F_{DMAC,SMAC,ETYPE}
 47          *      2. SKBMOD_F_SWAPMAC
 48          *      3. SKBMOD_F_ECN
 49          * SKBMOD_F_ECN only works with IP packets; all other flags only work with Ethernet
 50          * packets.
 51          */
 52         if (flags == SKBMOD_F_ECN) {
 53                 switch (skb_protocol(skb, true)) {
 54                 case cpu_to_be16(ETH_P_IP):
 55                 case cpu_to_be16(ETH_P_IPV6):
 56                         max_edit_len += skb_network_header_len(skb);
 57                         break;
 58                 default:
 59                         goto out;
 60                 }
 61         } else if (!skb->dev || skb->dev->type != ARPHRD_ETHER) {
 62                 goto out;
 63         }
 64 
 65         err = skb_ensure_writable(skb, max_edit_len);
 66         if (unlikely(err)) /* best policy is to drop on the floor */
 67                 goto drop;
 68 
 69         if (flags & SKBMOD_F_DMAC)
 70                 ether_addr_copy(eth_hdr(skb)->h_dest, p->eth_dst);
 71         if (flags & SKBMOD_F_SMAC)
 72                 ether_addr_copy(eth_hdr(skb)->h_source, p->eth_src);
 73         if (flags & SKBMOD_F_ETYPE)
 74                 eth_hdr(skb)->h_proto = p->eth_type;
 75 
 76         if (flags & SKBMOD_F_SWAPMAC) {
 77                 u16 tmpaddr[ETH_ALEN / 2]; /* ether_addr_copy() requirement */
 78                 /*XXX: I am sure we can come up with more efficient swapping*/
 79                 ether_addr_copy((u8 *)tmpaddr, eth_hdr(skb)->h_dest);
 80                 ether_addr_copy(eth_hdr(skb)->h_dest, eth_hdr(skb)->h_source);
 81                 ether_addr_copy(eth_hdr(skb)->h_source, (u8 *)tmpaddr);
 82         }
 83 
 84         if (flags & SKBMOD_F_ECN)
 85                 INET_ECN_set_ce(skb);
 86 
 87 out:
 88         return action;
 89 
 90 drop:
 91         qstats_overlimit_inc(this_cpu_ptr(d->common.cpu_qstats));
 92         return TC_ACT_SHOT;
 93 }
 94 
 95 static const struct nla_policy skbmod_policy[TCA_SKBMOD_MAX + 1] = {
 96         [TCA_SKBMOD_PARMS]              = { .len = sizeof(struct tc_skbmod) },
 97         [TCA_SKBMOD_DMAC]               = { .len = ETH_ALEN },
 98         [TCA_SKBMOD_SMAC]               = { .len = ETH_ALEN },
 99         [TCA_SKBMOD_ETYPE]              = { .type = NLA_U16 },
100 };
101 
102 static int tcf_skbmod_init(struct net *net, struct nlattr *nla,
103                            struct nlattr *est, struct tc_action **a,
104                            struct tcf_proto *tp, u32 flags,
105                            struct netlink_ext_ack *extack)
106 {
107         struct tc_action_net *tn = net_generic(net, act_skbmod_ops.net_id);
108         bool ovr = flags & TCA_ACT_FLAGS_REPLACE;
109         bool bind = flags & TCA_ACT_FLAGS_BIND;
110         struct nlattr *tb[TCA_SKBMOD_MAX + 1];
111         struct tcf_skbmod_params *p, *p_old;
112         struct tcf_chain *goto_ch = NULL;
113         struct tc_skbmod *parm;
114         u32 lflags = 0, index;
115         struct tcf_skbmod *d;
116         bool exists = false;
117         u8 *daddr = NULL;
118         u8 *saddr = NULL;
119         u16 eth_type = 0;
120         int ret = 0, err;
121 
122         if (!nla)
123                 return -EINVAL;
124 
125         err = nla_parse_nested_deprecated(tb, TCA_SKBMOD_MAX, nla,
126                                           skbmod_policy, NULL);
127         if (err < 0)
128                 return err;
129 
130         if (!tb[TCA_SKBMOD_PARMS])
131                 return -EINVAL;
132 
133         if (tb[TCA_SKBMOD_DMAC]) {
134                 daddr = nla_data(tb[TCA_SKBMOD_DMAC]);
135                 lflags |= SKBMOD_F_DMAC;
136         }
137 
138         if (tb[TCA_SKBMOD_SMAC]) {
139                 saddr = nla_data(tb[TCA_SKBMOD_SMAC]);
140                 lflags |= SKBMOD_F_SMAC;
141         }
142 
143         if (tb[TCA_SKBMOD_ETYPE]) {
144                 eth_type = nla_get_u16(tb[TCA_SKBMOD_ETYPE]);
145                 lflags |= SKBMOD_F_ETYPE;
146         }
147 
148         parm = nla_data(tb[TCA_SKBMOD_PARMS]);
149         index = parm->index;
150         if (parm->flags & SKBMOD_F_SWAPMAC)
151                 lflags = SKBMOD_F_SWAPMAC;
152         if (parm->flags & SKBMOD_F_ECN)
153                 lflags = SKBMOD_F_ECN;
154 
155         err = tcf_idr_check_alloc(tn, &index, a, bind);
156         if (err < 0)
157                 return err;
158         exists = err;
159         if (exists && bind)
160                 return ACT_P_BOUND;
161 
162         if (!lflags) {
163                 if (exists)
164                         tcf_idr_release(*a, bind);
165                 else
166                         tcf_idr_cleanup(tn, index);
167                 return -EINVAL;
168         }
169 
170         if (!exists) {
171                 ret = tcf_idr_create(tn, index, est, a,
172                                      &act_skbmod_ops, bind, true, flags);
173                 if (ret) {
174                         tcf_idr_cleanup(tn, index);
175                         return ret;
176                 }
177 
178                 ret = ACT_P_CREATED;
179         } else if (!ovr) {
180                 tcf_idr_release(*a, bind);
181                 return -EEXIST;
182         }
183         err = tcf_action_check_ctrlact(parm->action, tp, &goto_ch, extack);
184         if (err < 0)
185                 goto release_idr;
186 
187         d = to_skbmod(*a);
188 
189         p = kzalloc(sizeof(struct tcf_skbmod_params), GFP_KERNEL);
190         if (unlikely(!p)) {
191                 err = -ENOMEM;
192                 goto put_chain;
193         }
194 
195         p->flags = lflags;
196 
197         if (ovr)
198                 spin_lock_bh(&d->tcf_lock);
199         /* Protected by tcf_lock if overwriting existing action. */
200         goto_ch = tcf_action_set_ctrlact(*a, parm->action, goto_ch);
201         p_old = rcu_dereference_protected(d->skbmod_p, 1);
202 
203         if (lflags & SKBMOD_F_DMAC)
204                 ether_addr_copy(p->eth_dst, daddr);
205         if (lflags & SKBMOD_F_SMAC)
206                 ether_addr_copy(p->eth_src, saddr);
207         if (lflags & SKBMOD_F_ETYPE)
208                 p->eth_type = htons(eth_type);
209 
210         rcu_assign_pointer(d->skbmod_p, p);
211         if (ovr)
212                 spin_unlock_bh(&d->tcf_lock);
213 
214         if (p_old)
215                 kfree_rcu(p_old, rcu);
216         if (goto_ch)
217                 tcf_chain_put_by_act(goto_ch);
218 
219         return ret;
220 put_chain:
221         if (goto_ch)
222                 tcf_chain_put_by_act(goto_ch);
223 release_idr:
224         tcf_idr_release(*a, bind);
225         return err;
226 }
227 
228 static void tcf_skbmod_cleanup(struct tc_action *a)
229 {
230         struct tcf_skbmod *d = to_skbmod(a);
231         struct tcf_skbmod_params  *p;
232 
233         p = rcu_dereference_protected(d->skbmod_p, 1);
234         if (p)
235                 kfree_rcu(p, rcu);
236 }
237 
238 static int tcf_skbmod_dump(struct sk_buff *skb, struct tc_action *a,
239                            int bind, int ref)
240 {
241         struct tcf_skbmod *d = to_skbmod(a);
242         unsigned char *b = skb_tail_pointer(skb);
243         struct tcf_skbmod_params  *p;
244         struct tc_skbmod opt;
245         struct tcf_t t;
246 
247         memset(&opt, 0, sizeof(opt));
248         opt.index   = d->tcf_index;
249         opt.refcnt  = refcount_read(&d->tcf_refcnt) - ref;
250         opt.bindcnt = atomic_read(&d->tcf_bindcnt) - bind;
251         spin_lock_bh(&d->tcf_lock);
252         opt.action = d->tcf_action;
253         p = rcu_dereference_protected(d->skbmod_p,
254                                       lockdep_is_held(&d->tcf_lock));
255         opt.flags  = p->flags;
256         if (nla_put(skb, TCA_SKBMOD_PARMS, sizeof(opt), &opt))
257                 goto nla_put_failure;
258         if ((p->flags & SKBMOD_F_DMAC) &&
259             nla_put(skb, TCA_SKBMOD_DMAC, ETH_ALEN, p->eth_dst))
260                 goto nla_put_failure;
261         if ((p->flags & SKBMOD_F_SMAC) &&
262             nla_put(skb, TCA_SKBMOD_SMAC, ETH_ALEN, p->eth_src))
263                 goto nla_put_failure;
264         if ((p->flags & SKBMOD_F_ETYPE) &&
265             nla_put_u16(skb, TCA_SKBMOD_ETYPE, ntohs(p->eth_type)))
266                 goto nla_put_failure;
267 
268         tcf_tm_dump(&t, &d->tcf_tm);
269         if (nla_put_64bit(skb, TCA_SKBMOD_TM, sizeof(t), &t, TCA_SKBMOD_PAD))
270                 goto nla_put_failure;
271 
272         spin_unlock_bh(&d->tcf_lock);
273         return skb->len;
274 nla_put_failure:
275         spin_unlock_bh(&d->tcf_lock);
276         nlmsg_trim(skb, b);
277         return -1;
278 }
279 
280 static struct tc_action_ops act_skbmod_ops = {
281         .kind           =       "skbmod",
282         .id             =       TCA_ACT_SKBMOD,
283         .owner          =       THIS_MODULE,
284         .act            =       tcf_skbmod_act,
285         .dump           =       tcf_skbmod_dump,
286         .init           =       tcf_skbmod_init,
287         .cleanup        =       tcf_skbmod_cleanup,
288         .size           =       sizeof(struct tcf_skbmod),
289 };
290 MODULE_ALIAS_NET_ACT("skbmod");
291 
292 static __net_init int skbmod_init_net(struct net *net)
293 {
294         struct tc_action_net *tn = net_generic(net, act_skbmod_ops.net_id);
295 
296         return tc_action_net_init(net, tn, &act_skbmod_ops);
297 }
298 
299 static void __net_exit skbmod_exit_net(struct list_head *net_list)
300 {
301         tc_action_net_exit(net_list, act_skbmod_ops.net_id);
302 }
303 
304 static struct pernet_operations skbmod_net_ops = {
305         .init = skbmod_init_net,
306         .exit_batch = skbmod_exit_net,
307         .id   = &act_skbmod_ops.net_id,
308         .size = sizeof(struct tc_action_net),
309 };
310 
311 MODULE_AUTHOR("Jamal Hadi Salim, <jhs@mojatatu.com>");
312 MODULE_DESCRIPTION("SKB data mod-ing");
313 MODULE_LICENSE("GPL");
314 
315 static int __init skbmod_init_module(void)
316 {
317         return tcf_register_action(&act_skbmod_ops, &skbmod_net_ops);
318 }
319 
320 static void __exit skbmod_cleanup_module(void)
321 {
322         tcf_unregister_action(&act_skbmod_ops, &skbmod_net_ops);
323 }
324 
325 module_init(skbmod_init_module);
326 module_exit(skbmod_cleanup_module);
327 

~ [ source navigation ] ~ [ diff markup ] ~ [ identifier search ] ~

kernel.org | git.kernel.org | LWN.net | Project Home | SVN repository | Mail admin

Linux® is a registered trademark of Linus Torvalds in the United States and other countries.
TOMOYO® is a registered trademark of NTT DATA CORPORATION.

sflogo.php